Virus Removal Guides

A high-severity remote code execution flaw was found in the KCodes NetUSB kernel module

The KCodes NetUSB bug

Many popular router brands, including Netgear, TP-Link, D-Link, and Tenda, have been reported to be vulnerable to a high-severity issue in the KCodes NetUSB component.

KCodes NetUSB
The KCodes NetUSB bug

KCodes NetUSB is a Linux kernel module that enables USB-based services to be provided via a local area network (LAN) over an IP. The driver basically allows printers, external hard drives, and flash drives plugged into a Linux-based embedded system to be available via the network.

The CVE-2021-45608 Vulnerability

According to the report, attackers can execute code in the kernel remotely and do whatever they want if they are able to properly exploit a security flaw identified as CVE-2021-45608 (CVSS score: 9.8).  

After being responsibly notified about the detected flaw, on November 19, 2021, KCodes released a patch for the vulnerability that is accessible to all vendors. Following these actions, Netgear released firmware upgrades that contained fixes for the vulnerability.

A proof-of-concept code (PoC) has not been released by SentinelOne due to the fact that other vendors are currently working on sending the updates. As soon as they receive them, users should make sure to update their routers in order to prevent an exploit from going unnoticed, despite the high level of technical difficulty involved.

Cybersecurity researchers are noting that only a router firmware update can address this vulnerability, as it is in a third-party component licensed to a variety of router companies. Users should make sure that their router is not an out-of-date model, because, if this is the case, it is unlikely to receive an update for this vulnerability.

NetUSB vulnerabilities have been addressed numerous times in the last few years. CVE-2021-45608 is yet another buffer overflow bug that could allow malicious actors to perform attacks of their choice if they successfully exploit it.

In 2015, a security flaw tracked as CVE-2015-3036 was discovered by SEC Consult researchers, who revealed that the exploitation of the bug has the potential to cause a DoS attack or code execution.

In June 2019, details about two NetUSB vulnerabilities tracked as CVE-2019-5016 and CVE-2019-5017 were released by Cisco Talos. According to the information that is disclosed there, these flaws may allow an attacker to force-select Netgear wireless routers to disclose sensitive information and even provide the attacker the ability to remotely execute malicious code.

Exit mobile version